Smart bulb virus infects thousands of devices in minutes


    Smart bulbs are good, but they need to be protected from external threats.

    Botnets built from poorly protected IoT devices are becoming an increasingly significant threat. For example, the Mirai software, whose source code recently appeared online, makes it possible to control IoT devices even for attackers who have little or no experience in conducting cyber attacks.

    More and more systems are connected to the network; IoT devices include televisions, cameras, and security systems with thermostats. The protection of such devices against external attacks leaves much to be desired. New research results from information security experts prove the possibility of successful remote attacks on many smart devices used at home and in the office.


    Researchers have demonstrated attacks against Philips Hue smart lamps. Introducing malicious software into the system allows an attacker to take control of remote devices. The compromised equipment then uses the ZigBee wireless communication protocol for further attacks, which makes it possible to build entire networks of hacked devices. More precisely, the issue is a vulnerability in ZigBee Light Link. Cybersecurity specialists managed to extract the AES-CCM key with which Philips encrypts and protects the firmware of its lamps. Malicious software is transferred from one device to another over the air, causing "extremely fast spread of malicious software to neighboring devices in a matter of minutes."

    To infect all smart lamps within a certain region, a single infected “patient zero” is enough. The cost of the equipment used for the attack does not exceed several hundred US dollars, according to Eyal Ronen, an Israeli cybersecurity expert.

    To infect the smart lamps, the specialists arranged for a malicious firmware update to be downloaded, which was made possible by obtaining the AES-CCM key mentioned above. With this key, the bulb can be “convinced” that it is time to update its firmware, and the bulb is infected.

    Infected devices can be used in different ways. For example, it is easy to switch them on and off, disable them, or form a botnet from the hacked devices. Below is an example of controlling many hacked smart bulbs. The researchers hacked the bulbs and then controlled them with the help of a quadcopter at a distance of 350 meters. The hacking of the bulbs was carried out in the office of the Israeli CERT. At the end of the video, the bulbs are shown transmitting an SOS signal in Morse code.


    Researchers say that this way of taking control of IoT devices (not just lamps) is entirely achievable, and it casts doubt on the rosy pictures of the digital future that corporations paint for us. If a sufficiently large number of such devices is combined into a botnet, it will be possible to launch a DDoS attack of unprecedented scale against various network resources.

    Proof of this is no longer required. With the help of an army of “zombie devices”, the creators of Mirai were able to carry out a powerful DDoS attack on the website of information security specialist Brian Krebs. After that, a similar attack was carried out on the European hosting provider OVH. The total power of this attack was 1 Tb/s. And this is not the limit.


    In this list, the lamp with the version "IrradiateHue" is infected with a virus

    A few weeks ago, attackers used network devices to disconnect some regions of the US East Coast from the Internet. Moreover, the problem turned out to lie not just in IoT devices but in their predecessors, DVR cameras connected to the network. Nothing prevents attackers from adding more modern devices to the cameras by infecting them with malicious software.

    As for smart bulbs, Philips has announced that a Hue firmware update has already been released, with a recommendation for all users to install this update as quickly as possible. True, Philips does not take the threat of hacking too seriously. “We rated the value of this type of hacking as low, because it requires specialized software and the presence of a cracker next to the lamps,” a company spokeswoman said.
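
    A defender-side check related to the firmware update and the version list mentioned above, as an added example that is not from the original article or from Philips: it flags bulbs in a bridge inventory whose reported firmware version is unapproved or malformed (such as "IrradiateHue"). The JSON shape follows the Hue bridge lights listing; the sample data, the approved versions and the dotted-numeric version rule are assumptions.

```python
import json
import re

# Constructed sample shaped like the Hue bridge "lights" listing. Names and
# version numbers are made up; "IrradiateHue" is the string the article reports.
SAMPLE_INVENTORY = json.loads("""
{
  "1": {"name": "Desk",  "modelid": "LCT001", "swversion": "1.0.0.2", "state": {"reachable": true}},
  "2": {"name": "Hall",  "modelid": "LCT001", "swversion": "1.0.0.1", "state": {"reachable": true}},
  "3": {"name": "Lobby", "modelid": "LCT001", "swversion": "IrradiateHue", "state": {"reachable": true}},
  "4": {"name": "Store", "modelid": "LWB004", "swversion": "1.0.0.2", "state": {"reachable": false}}
}
""")

# Assumption: firmware versions the administrator has approved, per model (placeholders).
APPROVED = {"LCT001": {"1.0.0.2"}, "LWB004": {"1.0.0.2"}}

# Assumption: genuine version strings consist of digits separated by dots.
VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def audit_lights(inventory, approved):
    """Return (id, name, version, reasons) for every light that needs attention."""
    findings = []
    for light_id, light in sorted(inventory.items()):
        model = light.get("modelid", "")
        version = light.get("swversion", "")
        reasons = []
        if not VERSION_RE.match(version):
            reasons.append("malformed version string")
        if model not in approved:
            reasons.append("unknown model")
        elif version not in approved[model]:
            reasons.append("version not approved")
        # A bulb that has dropped off the network cannot be checked or updated.
        if not light.get("state", {}).get("reachable", False):
            reasons.append("unreachable, version unverified")
        if reasons:
            findings.append((light_id, light.get("name", "?"), version, reasons))
    return findings


if __name__ == "__main__":
    for light_id, name, version, reasons in audit_lights(SAMPLE_INVENTORY, APPROVED):
        print(f"light {light_id} ({name}) version={version!r}: {'; '.join(reasons)}")
```

    Compromised firmware can report whatever version string it chooses, so a clean result from this check is not proof that a bulb is uninfected.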

    The developer who discovered the vulnerability in the protection of the lamps said that Philips eliminated only a hole in the protection of the device’s firmware, which opened the possibility of remote download of malware. But there is still the possibility of creating fake malicious firmware updates and the theoretical possibility of downloading this firmware to one of the devices, which will then do the rest of the work on its own.

    “We must work together to get an idea of reliable ways to protect IoT devices ... or we may in the near future face a major attack that will affect all aspects of our lives,” said Ronen.
